qakbot | c4d17fc98de1cb3de13e91caeaec4c2728ec13277b9e708e9eea5de0df3c7c66

General

Target

44300.5396033565.dat
Size

797KB
Sample

210422-xh1ezq3jzs
MD5

7c3ea6e3bb9b7b101e6588cd57d334ed
SHA1

acb4fdc2b804b553a870cb4976347707fb1bc2ac
SHA256

c4d17fc98de1cb3de13e91caeaec4c2728ec13277b9e708e9eea5de0df3c7c66
SHA512

947378e182a96698da596cfb963234c3f4e57ea68cfb7bff0c1054e0409a9dff72b8b8708d77b876e35323bfb55b634063a949af3a0060406013278eb911960b

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

402.12

Botnet

obama32

Campaign

1618995682

C2

190.85.91.154:443

140.82.49.12:443

96.37.113.36:993

73.25.124.140:2222

71.41.184.10:3389

50.244.112.106:443

78.63.226.32:443

24.152.219.253:995

105.198.236.99:443

149.28.101.90:8443

149.28.101.90:443

149.28.101.90:2222

45.77.115.208:8443

207.246.77.75:8443

207.246.77.75:2222

207.246.116.237:2222

45.77.117.108:995

144.202.38.185:2222

207.246.77.75:995

207.246.77.75:443

Targets

- Target
  
  44300.5396033565.dat
- Size
  
  797KB
- MD5
  
  7c3ea6e3bb9b7b101e6588cd57d334ed
- SHA1
  
  acb4fdc2b804b553a870cb4976347707fb1bc2ac
- SHA256
  
  c4d17fc98de1cb3de13e91caeaec4c2728ec13277b9e708e9eea5de0df3c7c66
- SHA512
  
  947378e182a96698da596cfb963234c3f4e57ea68cfb7bff0c1054e0409a9dff72b8b8708d77b876e35323bfb55b634063a949af3a0060406013278eb911960b
Score

10^/10

qakbot obama32 1618995682 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2